AMENDMENTS TO THE CLAIMS

The listing of claims will replace all prior versions, and listings, of claims in the 
application: 
Listing of Claims:

1. (Currently Amended) In computer network interconnecting a client system, a
proxy system, and a server system, wherein data exchanged over the computer network is subject 
to being compromised, a method of negotiating, through the proxy system, a secure end-to-end 
connection between the client system and the server system, wherein the client system securely 
authenticates to the proxy system, the method comprising the acts of: 

receiving a request from the client system for a secure connection between the 
client system and the proxy system; 

establishing a secure connection between the client and proxy systems, in which
at least the client is authenticated to the proxy system;

receiving a request from the client system for a secure end-to-end connection
with the server system;

upon authenticating the client, downgrading the secure connection between the
client and the proxy systems to an insecure client-proxy connection;

[[only after authenticating the client,]] forwarding the client system request for a
secure end-to-end connection to the server system only after authenticating the client and
upon downgrading the secure connection between the client and the proxy systems to an
insecure client-proxy connection, such that the secure connection between the client and
the proxy systems is downgraded to an insecure client-proxy connection prior to
establishing the secure end-to-end connection between the client and server systems, and
such that [[; and downgrading the secure connection between the client system and the
proxy system to be insecure after the secure end-to-end connection is established,
whereby]] the secure end-to-end connection is encapsulated within the insecure
client-proxy connection, and such that the proxy server does not encrypt or decrypt any
data sent between the client and the server within the insecure client-proxy connection.

2. (Original) A method as recited in claim 1 further comprising the acts of:
issuing an authenticate challenge to the client system; and

receiving, over the secure client-proxy connection, proper authentication
credentials from the client system.

3. (Original) A method as recited in claim 2 wherein the authenticate challenge 
issued to the client system is one of a basic and a digest authenticate challenge. 

4. (Original) A method as recited in claim 1 wherein at least one of the secure 
client-proxy connection and the secure end-to-end connection is certificate based. 

5. (Original) A method as recited in claim 4 wherein at least one of the secure 
client-proxy connection and the secure end-to-end connection is one of a secure sockets layer 
and a transport layer security connection. 

6. (Original) A method as recited in claim 1 further comprising the act of 
sending a certificate to the client system, wherein the certificate may be used to verify the 
identity of the proxy system.

7. (Original) A method as recited in claim 1 further comprising the act of 
receiving proper authentication credentials from the client system, wherein the proper 
authentication credentials received from the client system are certificate based. 

8. (Original) A method as recited in claim 1 further comprising the act of 
transferring data between the client system and the server system through the secure end-to-end 
connection. 

9. (Original) A method as recited in claim 1 wherein downgrading the secure 
connection between the client system and the proxy system to be insecure comprises the act of 
setting the cipher set for the connection to be a null cipher. 

10. (Original) A method as recited in claim 1 wherein the request for a secure
end-to-end connection comprises a hypertext transfer protocol connect request. 

11. (Original) A method as recited in claim 1 wherein the server system 
comprises one of a reverse proxy server system and a forward proxy system. 

12. (Original) A method as recited in claim 1 wherein at least one connection is 
over the Internet. 

13. (Original) A method as recited in claim 1 wherein the server system 
comprises a cascaded proxy system, the server system allowing secure connections, insecure 
connections, or both secure and insecure connections, with one or more other server systems. 

14. (Currently Amended) In computer network interconnecting a client system, a
proxy system, and a server system, wherein data exchanged over the computer network is subject
to being compromised, a method of negotiating, through the proxy system, a secure end-to-end
connection between the client system and the server system, wherein the client system securely 
authenticates to the proxy system, the method comprising the acts of: 

sending a request to the proxy system for a secure connection between the client 
system and the proxy system; 
establishing a secure client-proxy connection between the client and proxy
systems, in which at least the client is authenticated to the proxy system;

sending a request to the proxy system for a secure end-to-end connection with the
server system, wherein the proxy system forwards the request to the server system for the
secure end-to-end connection only after first authenticating the client and only after first
downgrading the secure client-proxy connection to an insecure client-proxy connection,
such that the secure connection between the client and the proxy systems is downgraded
to an insecure client-proxy connection prior to establishing the secure end-to-end
connection between the client and server systems, and such that [[; and downgrading the
secure connection between the client system and the proxy system to be insecure after the
secure end-to-end connection is established, whereby]] the secure end-to-end connection is
encapsulated within the insecure client-proxy connection, and such that the proxy server
does not encrypt or decrypt any data sent between the client and the server.

15. (Original) A method as recited in claim 14 further comprising the acts of:
receiving an authenticate challenge from the proxy system; and 

sending, over the secure client-proxy connection, proper authentication 
credentials to the proxy system. 

16. (Original) A method as recited in claim 15 wherein the authenticate challenge 
received by the client system is one of a basic and a digest authenticate challenge. 

17. (Original) A method as recited in claim 14 wherein at least one of the secure 
client-proxy connection and the secure end-to-end connection is certificate based. 

WORKMAN NYDEGGER

Application No. 09/838,745
Amendment "B" dated August 15, 2005
Reply to Office Action mailed June 15, 2005

18. (Original) A method as recited in claim 17 wherein at least one of the secure 
client-proxy connection and the secure end-to-end connection is one of a secure sockets layer 
and a transport layer security connection. 

19. (Original) A method as recited in claim 14 further comprising the act of 
receiving a certificate from the proxy system, wherein the certificate may be used to verify the 
identity of the proxy system. 

20. (Original) A method as recited in claim 14 further comprising the act of 
sending proper authentication credentials to the proxy system, wherein the proper authentication 
credentials sent to the proxy system are certificate based. 

21. (Original) A method as recited in claim 14 further comprising the act of 
transferring data to the server system through the secure end-to-end connection. 

22. (Original) A method as recited in claim 14 wherein downgrading the secure 
connection between the client system and the proxy system to be insecure comprises the act of 
setting the cipher set for the connection to be a null cipher. 

23. (Original) A method as recited in claim 14 wherein the request for a secure 
end-to-end connection comprises a hypertext transfer protocol connect request. 

24. (Original) A method as recited in claim 14 wherein the server system 
comprises one of a reverse proxy server system and a forward proxy server system. 

25. (Original) A method as recited in claim 14 wherein at least one connection is 
over the Internet.

26. (Original) A method as recited in claim 14 wherein the server system
comprises a cascaded proxy system, the server system allowing secure connections, insecure 
connections, or both secure and insecure connections, with one or more other server systems. 




27. (Previously Presented) In computer network interconnecting a client 
system, a proxy system, and a server system, wherein data exchanged over the computer network 
is subject to being compromised, a method of negotiating, through the proxy system, a secure 
end-to-end connection between the client system and the server system, wherein the client 
system securely authenticates to the proxy system, the method comprising steps for:

negotiating a secure client-proxy connection between the client and proxy 
systems, in which at least the client is authenticated to the proxy system; 

downgrading the secure client-proxy connection to an insecure client-proxy 
connection after authenticating the client; 

only after authenticating the client and after downgrading the secure client-proxy
connection, negotiating a secure end-to-end connection between the client and the server
system using the secure client-proxy connection, such that the secure connection between
the client and the proxy systems is downgraded to an insecure client-proxy connection
prior to establishing the secure end-to-end connection between the client and server
systems, and such that [[altering the secure client-proxy connection so that it is no longer
secure; and encapsulating]] the secure end-to-end connection is encapsulated within the
insecure client-proxy connection, and such that the proxy server does not encrypt or
decrypt any data sent between the client and the server.

28. (Original) A method as recited in claim 27 further comprising a step for 
authenticating the client system to the proxy system, wherein the step for authenticating 
comprises an act of either the client system sending or the proxy system receiving, proper 
authentication credentials including at least one of a basic authenticate challenge response, a 
digest authenticate challenge response, and a certificate. 

29. (Original) A method as recited in claim 27 wherein the step for negotiating a 
secure connection between the client and proxy systems comprises the act of the client system 
receiving or the proxy system sending a certificate, wherein the certificate may be used to verify 
the identity of the proxy system. 

30. (Original) A method as recited in claim 27 wherein at least one of the secure
client-proxy connection and the secure end-to-end connection is certificate based. 

31. (Original) A method as recited in claim 30 wherein at least one of the secure
client-proxy connection and the secure end-to-end connection is one of a secure sockets layer 
and a transport layer security connection. 

32. (Original) A method as recited in claim 27 wherein the step for altering the 
secure client-proxy connection comprises the act of setting the cipher set for the connection to be 
a null cipher, thereby downgrading the client-proxy connection to be insecure. 

33. (Original) A method as recited in claim 27 where the step for negotiating a 
secure end-to-end connection comprises the act of either the client system sending or the proxy 
system receiving a hypertext transfer protocol connect request. 

34. (Original) A method as recited in claim 27 wherein the server system 
comprises a cascaded proxy system, the server system allowing secure connections, insecure 
connections, or both secure and insecure connections, with one or more other server systems. 

35. (Currently Amended) In computer network interconnecting a client system, a
proxy system, and a server system, wherein data exchanged over the computer network is subject 
to being compromised, a computer program product for implementing a method of negotiating, 
through the proxy system, a secure end-to-end connection between the client system and the 
server system, wherein the client system securely authenticates to the proxy system, comprising: 

a computer readable medium for carrying machine-executable instructions for
implementing the method recited in claim 1.[[; and]]

[[wherein said method is comprised of machine-executable instructions for a proxy
system performing the acts of:]]

[[receiving a request from the client system for a secure connection between the
client system and the proxy system;]]

[[establishing a secure connection between the client and proxy systems, in which
at least the client is authenticated to the proxy system;]]

[[receiving a request from the client system for a secure end-to-end connection with
the server system;]]

[[only after authenticating the client, forwarding the client system request for a
secure end-to-end connection to the server system; and]]

[[downgrading the secure connection between the client system and the proxy
system to be insecure after the secure end-to-end connection is established, whereby
the secure end-to-end connection is encapsulated within the insecure client-proxy
connection, and such that the proxy server does not encrypt or decrypt any data sent
between the client and the server.]]

36. (Original) A computer program product as recited in claim 35, the method 
comprised further of machine-executable instructions for performing the acts of: 

issuing an authenticate challenge to the client system; and 
receiving proper authentication credentials from the client system. 

37. (Original) A computer program product as recited in claim 36 wherein the 
authenticate challenge issued to the client system is one of a basic and a digest authenticate 
challenge. 

38. (Original) A computer program product as recited in claim 36, the method
comprised further of machine executable instructions for performing the act of sending a 
certificate to the client system, wherein the certificate may be used to verify the identity of the 
proxy system. 

39. (Original) A computer program product as recited in claim 36 wherein at 
least one of the secure client-proxy connection and the secure end-to-end connection is 
certificate based. 

40. (Original) A computer program product as recited in claim 39 wherein at 
least one of the secure client-proxy connection and the secure end-to-end connection is one of a 
secure sockets layer and a transport layer security connection. 

41. (Original) A computer program product as recited in claim 35, the method 
further comprised of machine-executable instructions for performing the act of receiving proper 
authentication credentials from the client system, wherein proper authentication credentials 
received from the client system are certificate based. 

42. (Original) A computer program product as recited in claim 35, the method 
further comprised of machine-executable instructions for performing the act of transferring data 
between the client system and the server system through the secure end-to-end connection. 

43. (Original) A computer program product as recited in claim 35, the method 
comprised further of machine-executable instructions for performing the act of setting the cipher 
set for the secure client-proxy connection to be a null cipher, thereby downgrading the 
client-proxy connection to be insecure. 

44. (Original) A computer program product as recited in claim 35 wherein the 
request for a secure end-to-end connection comprises a hypertext transfer protocol connect 
request. 

45. (Original) A computer program product as recited in claim 35 wherein the
server system comprises one of a reverse proxy server system and a forward proxy server
system. 

46. (Original) A computer program product as recited in claim 35 wherein at 
least one connection is over the Internet. 

47. (Original) A computer program product as recited in claim 35 wherein the
server system comprises a cascaded proxy system, the server system allowing secure 
connections, insecure connections, or both secure and insecure connections, with one or more 
other server systems. 

48. (Currently Amended) In computer network interconnecting a client system, a
proxy system, and a server system, wherein data exchanged over the computer network is subject 
to being compromised, a computer program product for implementing a method of negotiating, 
through the proxy system, a secure end-to-end connection between the client system and the 
server system, wherein the client system securely authenticates to the proxy system, comprising: 

a computer readable medium for carrying machine-executable instructions for
implementing the method recited in claim 14.[[; and]]

[[wherein said method is comprised of machine-executable instructions for a client
system performing the acts of:]]

[[sending a request to the proxy system for a secure connection between the
client system and the proxy system;]]

[[establishing a secure connection between the client and proxy systems, in
which at least the client is authenticated to the proxy system;]]

[[sending a request to the proxy system for a secure end-to-end connection with
the server system, wherein the proxy system forwards the request to the server
system only after first authenticating the client; and]]

[[downgrading the secure connection between the client system and the
proxy system to be insecure after the secure end-to-end connection is established,
whereby the secure end-to-end connection is encapsulated within the insecure
client-proxy connection, and such that the proxy server does not encrypt or
decrypt any data sent between the client and the server.]]

49. (Original) A computer program product as recited in claim 48, the method 
comprised further of machine-executable instructions for performing the acts of: 

receiving an authenticate challenge from the proxy system; and 
sending proper authentication credentials to the proxy system. 

50. (Original) A computer program product as recited in claim 49 wherein the 
authenticate challenge received by the client system is one of a basic and a digest authenticate 
challenge. 




51. (Original) A computer program product as recited in claim 48, the method 
comprised further of machine-executable instructions for performing the act of receiving a 
certificate from the proxy system, wherein the certificate may be used to verify the identity of the 
proxy system. 

52. (Original) A computer program product as recited in claim 48 wherein at
least one of the secure client-proxy connection and the secure end-to-end connection is 
certificate based. 

53. (Original) A computer program product as recited in claim 52 wherein at 
least one of the secure client-proxy connection and the secure end-to-end connection is one of a 
secure sockets layer and a transport layer security connection. 

54. (Original) A computer program product as recited in claim 48, the method 
comprised further of machine-executable instructions for performing the act of sending proper 
authentication credentials to the proxy system, wherein the proper authentication credentials sent 
to the proxy system are certificate based. 

55. (Original) A computer program product as recited in claim 48, the method 
comprised further of machine-executable instructions for performing the act of transferring data 
between the client system and the server system through the secure end-to-end connection. 

56. (Original) A computer program product as recited in claim 48, the method 
comprised further of machine-executable instructions for performing the act of setting the cipher 
set for the secure client-proxy connection to be a null cipher, thereby downgrading the 
client-proxy connection to be insecure. 

57. (Original) A computer program product as recited in claim 48 wherein the
request for a secure end-to-end connection comprises a hypertext transfer protocol connect 
request. 

58. (Original) A computer program product as recited in claim 48 wherein the 
server system comprises one of a reverse proxy server system and a forward proxy server 
system. 

59. (Original) A computer program product as recited in claim 48 wherein at
least one connection is over the Internet. 

60. (Original) A computer program product as recited in claim 48 wherein the 
server system comprises a cascaded proxy system, the server system allowing secure 
connections, insecure connections, or both secure and insecure connections, with one or more 
other server systems. 